• Resolved mjem

    (@mjem)


    Context for my question: I have a website that has been compromised. I drop the tables in the database, delete everything in public_html, roll back to a month-old backup which is fine. I quickly update WordPress and the plugins, I change the database password, I change the admin password.

    2 hours later – the admin username is changed, while Wordfence is installed.

    I get back into the website and run a Wordfence scan and a Gravity Scan, and according to both of them I have nothing to worry about.

    So I don’t know how to interpret these results.

    What does it really mean when these platforms tell me the website is safe?

Viewing 8 replies - 1 through 8 (of 8 total)
  • The first thing any criminal is doing? They’re running their own Gravity Scan and Wordfence, and figuring out ways to defeat. So what does it mean when scans don’t find anything? It means the scans didn’t find the exploits they scanned for… that’s all. There is no magic to this. Your site could indeed still be compromised. MTN

    Thread Starter mjem

    (@mjem)

    @mountainguy2, thank you for your input.

    I apologize for creating the wrong impression in my initial post. I’ll address any future requests aimed at the Wordfence support team as such to avoid any confusion as to whom I’m talking to.

    My bad.

    You may have missed MTN’s point – which was that your site may have been compromised outside of the control/scope of site scanners.

    For example, your server may have been compromised outside of your site, allowing a backdoor for hackers no matter what you do at the site level.

    Thread Starter mjem

    (@mjem)

    @bluebearmedia, thank you for your input as well.

    I appreciate that you both took the time and made the effort to share your assessments with me. The matter is being dealt with holistically.

    1. The initial question, while somewhat esoteric in nature, is for me crucial to understand correctly. I need to have as thorough a grasp as possible of how much of the website security Wordfence covers and how much troubleshooting information a Gravity Scan provides, and in all fairness no one can answer that question on the developers’ behalf. I don’t expect this to be some “magical” futuristic technology, but I do need to understand what it does and does not do.
    2. To clarify my reply to MTN: the cause of the breach is not the focus of this topic; to what extent Wordfence prevents breaches in general is, and a vague reply like “it does what it does” is really a waste of everyone’s time.
    3. No one who posts here has the legal right to provide communication on behalf of Wordfence, except those individuals who have been tasked to do just that, and they operate within a specific framework of what can and cannot be said, as any answer they provide here is public domain. So I know that when I get an answer from them that it is an accurate and well thought-through response that I can base my actions on going forward.

    That is the longer version of what I tried to summarize in my previous response.

    mmkay… suit yourself!

    Hi @mjem
    Sorry for my late reply. I need to emphasize something similar to what was mentioned by @bluebearmedia, which is that Wordfence was developed to protect your “WordPress” website (some of the scan features extend to cover files in other directories as well). So on the application level, to answer your question, you can fully trust the scan result. And since you have mentioned that, after all the cleaning processes you have done, “2 hours later – the admin username is changed”, I can tell for sure that your server is compromised; it could be something related to the web server configuration, file permissions, MySQL configuration or something else.

    So, in general, the Wordfence firewall will prevent attacks described in the firewall rules set in (Wordfence > Firewall), along with preventing brute-force attacks with “Login Security” options enabled; however, choosing good hosting and protecting your working environment are essential.

    I’m not allowed to discuss/answer questions regarding Gravityscan since this forum is for Wordfence support only, but there is a contact form on the website where you can send us your feedback.

    Thanks.

    Thread Starter mjem

    (@mjem)

    @wfalaa, thank you for your response.

    Honestly when all this happened it shook my trust in Wordfence, but after reading your reply I feel relieved. I am glad that I was previously under the correct impression.

    @mountainguy2, @bluebearmedia – thank you for your replies as well. It was just crucial for me to hear a legit response from Wordfence.

    Sorry to be late to the party, but 3 days ago I logged into my site for the first time and had 4 notifications from Wordfence, one of which offered a free scan from Gravity Scan. The scan reported my site had been hacked 8 times and was sending out spammy emails with infections from comments. I contacted my host reseller, who told me it wasn’t his responsibility to update my site. He built, managed and converted my site to WordPress for me to manage because I’m now small potatoes to him. He has no knowledge of Wordfence or Gravity Scan. He claims my site is clean. My question is: are these scan results legit or not? Because it’s the same action/reaction as many freeware security products that will show results and promise better results by bypassing the free version and buying the premium version, which is what Gravity Scan offered. How do I know if my site IS truly infected and how can it be disinfected? I checked off all the items in the article “How to Secure Your WordPress Working Environment”, so what are the best security options? Wordfence free, paid and regular updating and plugin management? Many thanks!

  • The topic ‘Can I trust Wordfence & Gravity Scan Results?’ is closed to new replies.